As you’ve probably heard, Google and the Open Handset Alliance have recently released an open source mobile computing platform called Android. This platform, IMHO, has the potential to completely revolutionize handheld computing (especially when combined with an open hardware device like the Neo Freerunner).

While there are a lot of great things we can do with the Android platform (and I encourage you to post your own ideas in the comments or in a separate Pending Projects post), I think the number one thing that should be implemented now is a GnuPG/OpenPGP system.

Here’s why:

Easy key signing and verification. The biggest problem with our Public Key Infrastructure today is that verifying another person’s key is a big hassle. If you don’t know how much of a hassle it is, check out the Keysinging Party HowTo. Imagine if all it took to verify someone’s key was to glance at their phone’s screen and push a button on your own. We could still have keysigning parties, but there’d be a lot more party and lot less keysigning.

It opens the way for an opt in replacement to government issued IDs. We can have all the integrity of government IDs without the government and with the ability to selectively choose the information we wish to reveal about ourselves. Sounds a whole lot better than RealID if you ask me.

All the other cool things you can do with public/private key pairs: Opening doors; logging into your computer; encryption, signing and verification of messages.

Because we can. Google has provided most of the crypto libraries we need in the standard library so all we really have to implement is the trust database and bundle it up in a nice package.

Email me if you’re interested in working on this or want to talk about it more,

Also, if you haven’t heard about Hampshire Hacktivists yet, there’s a new student group starting devoted to working on projects like this, talking/teaching about data protection and privacy, and other fun stuff like that. We’ll probably be meeting sometime in this week (maybe even having a keysigning party).

– John Schanck

This entry was posted on
February 2, 2009 at 1:04 am and is filed under Uncategorized.